Intrusion Detection Systems

  • I'm not sure if I'm in the right section, or even website, to ask this question. But I'm doing some investigation for my company. Our hosting company is really pushing us to add a service plan from another company that does Intrusion Detection Systems, alertlogic.com. It sounds like a really good product, and in a perfect world we'd want all the security possible for our site. But we honestly haven't had too many problems. I'm sure we could be more secure, but I have a hard time believing that there isn't another solution for securing our site in this manner for less than $1000+ a month. Maybe some kind of protection that isn't as good as theirs, but is good enough for our site, which as I said hasn't had many worries in the number of years we've been running. We do not monitor and track every single byte of data that comes in and out of our servers, but do we really need to? We're a good size company, and we are weathering the current economy well, but we don't have a tree that sprouts one thousand dollar bills to pluck this from. Any thoughts, or suggestions, or directions?

    Thanks

  • Hi Stephen

    I think the people who can answer this question are you...

    First question:

    Do you think the customer may be lost if you don't introduce this security software?

    Second question:

    Is your customer a usual customer or a strategic important customer?

    Third question:

    x = ("Money you make with your customer" + "Strategic value") - (1000$ + "Effort for introduction of new security")

    Greets

    Flo

  • I get what you are going for here. And I'm in the process of trying to figure out the statistics required to do an equation like you presented here.

    It's just that I've yet to hear of such a service before, and have no idea if it's a common business practice for web companies these days. Or if it's just a common practice for certain kinds of web companies these days, and if so, are we one of those kinds. That way I can figure out if it does in fact give us a strategic advantage. I'm not even sure where I can go to research this on the web.

    Thanks.

  • IDS software is great. If this is particularly for a website the best IDS service can still be gotten around. Like AntiVirus services, most IDS systems work on rules and definitions for what a file or packet looks like, although some of the newer ones are getting better at behavior analysis as well. Because of this, like AV products they are only as good as the most recent rule update/definition file etc.

    There are some fantastic OpenSource IDS applications, one of the most widely used is Snort. If you're doing a hosted solution you may be limited on what you can choose to use, but Snort in and of itself is free. There are fee based services that help you monitor it and write rules/definition files for it, and I have no idea how much they cost, but they are out there and I'm guessing they are less than $1000/mo.

    Depending on how you set them up, they can stop attacks as they are happening or just be another source of auditing for letting you know what happened when and how bad it might be. So they can be pretty useful. There are also products that you can use as a proxy for your SQL Server to check the validity of the SQL statements looking for injections and such.

    The best thing you can do to secure your website is to validate each and every parameter passed from one page/class/method to the next rather than just checking for single quotes and semicolons, before it gets to the DAL. Oh and by the way this is more or less free 'cause you already have the developer resources to do it, and won't be costing $1000/mo.

    Here's a diary entry from today from the guys over at the Internet Storm Center that really kinda drives home the point. http://isc.sans.org/diary.html?storyid=6409

    -Luke.

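The parameter-validation point in the post above, as an added example that is not part of the original post: a quote/semicolon check next to per-parameter allow-list validation done before the data access layer. Python with an in-memory sqlite3 database stands in for the real stack; the table, parameter names, rules and sample values are all assumptions constructed for illustration.

```python
import re
import sqlite3

# Constructed request parameters (sample data, not from the thread).
# Neither hostile value contains a single quote or a semicolon.
SAMPLES = {"order_id": "42 OR 1=1", "sort": "price DESC, (SELECT 1)"}

def naive_check(value):
    """The check the post warns against: only look for ' and ;."""
    return "'" not in value and ";" not in value

# Hypothetical per-parameter rules: each parameter is matched against what it
# is allowed to be, instead of being scanned for known-bad characters.
RULES = {
    "order_id": re.compile(r"[0-9]{1,9}"),
    "sort": re.compile(r"(price|created|name)"),
}

def validate(name, value):
    """Return the typed value, or raise ValueError before it reaches the DAL."""
    rule = RULES.get(name)
    if rule is None or not rule.fullmatch(value):
        raise ValueError(f"rejected parameter {name!r}")
    return int(value) if name == "order_id" else value

def fetch_orders(conn, params):
    """DAL entry point: validated input, bound values, allow-listed column."""
    order_id = validate("order_id", params["order_id"])
    sort = validate("sort", params.get("sort", "created"))
    # The value is bound with ?, the column name comes only from the allow-list.
    sql = f"SELECT id, name FROM orders WHERE id = ? ORDER BY {sort}"
    return conn.execute(sql, (order_id,)).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, name TEXT, price REAL, created TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)",
                     [(42, "widget", 9.5, "2009-05-01"), (43, "gadget", 3.0, "2009-05-02")])
    passed_naive = all(naive_check(v) for v in SAMPLES.values())
    try:
        fetch_orders(conn, SAMPLES)
        rejected = False
    except ValueError:
        rejected = True
    good = fetch_orders(conn, {"order_id": "42", "sort": "price"})
    return passed_naive, rejected, good

if __name__ == "__main__":
    print(demo())
```

Both constructed values pass the character check but are rejected by the per-parameter rules, while the well-formed request still returns its row.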

  • Thanks for the input. I just came across Snort on Wiki right before your post. It looks pretty nice, just have to wonder how much it would cost, in time, to learn and implement it. Especially since no one on our team is very familiar with it. Our current quote from our host which will implement alertlogic.com's service for us is $1000 to setup and $1020 a month. So alertlogic is probably less than that, and they are tacking on their middleman fee. We'll pay it if it's just worth the convenience. Just hate feeling like we're the guy on the car lot having a used car salesman who is telling us how much we "need" front and rear spoilers on our new car, ya know?

    I'll bring up what you mentioned with the guys, thanks again.
